Criminals steal payment information of online shoppers

By Thad RueterSenior Editor

Easton-Bell Sports says criminals broke into a server operated by a vendor that contained payment information from web shoppers. The company sells sporting gear under such brands as Bell, Riddell, Giro, Blackburn and Easton Cycling.

The announcement represents the latest retail data breach to hit U.S. consumers, though it is the first one in recent months in which the data stolen came from online shoppers. The payment card numbers and other data stolen from Target Corp. and The Neiman Marcus Group Inc. came from their stores.

Easton-Bell operates the Easton, Bell, Riddell, Giro, Blackburn and Easton Cycling brands. The company says that “vendor servers were subject to a malicious software computer intrusion” that enabled access to data for e-commerce customers. The information stolen involves online purchases made between Dec. 1 and Dec. 31, 2013 and “may have included” names, home and e-mail addresses, telephone numbers, credit card numbers and the three- or four-digit security codes on credit cards that are often used to confirm purchases. The retailer offered no further immediate details about the stolen information.

In a statement, Easton-Bell says: “Upon discovery of this intrusion, we immediately shut down the affected servers and took steps to prevent further access to this information, including cleaning and rebuilding the affected servers. We have also engaged a highly experienced computer forensic specialist to conduct an exhaustive investigation of this matter. We are also working with our vendor on additional measures that can be taken to prevent such incidents in the future.”

Easton-Bell says it has not found that the stolen data has been used for theft. It did not say how many consumers may have been affected.